The US-CERT Current Activity web
page is a regularly updated summary of the most frequent, high-impact types of security
incidents currently being reported to the US-CERT.
Copyright 2009 Carnegie Mellon University
Thu, 10/01/2009 - 09:35
Research in Motion has released a security advisory (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19552) to address a vulnerability related to how null characters are displayed in a BlackBerry dialog box. This vulnerability may allow an attacker to trick users into believing that they are connecting to a trusted secure site.

US-CERT encourages users to review the BlackBerry security advisory KB19552 (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19552) and apply any necessary updates (http://na.blackberry.com/eng/update/).
Mon, 09/28/2009 - 08:00
US-CERT is aware of public reports of malicious code circulating via spam email messages related to the IRS. The attacks arrive via an unsolicited email message and may contain a subject line of "Notice of Underreported Income." These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.

US-CERT encourages users and administrators to take the following measures to protect themselves:
* Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites (http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=1) document on the IRS website.
* Do not follow unsolicited web links or attachments in email messages.
* Maintain up-to-date antivirus software.
* Refer to the Recognizing and Avoiding Email Scams (http://www.us-cert.gov/reading_room/emailscams_0905.pdf) (pdf) document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks (http://www.us-cert.gov/cas/tips/ST04-014.html) document for more information on social engineering attacks.
Thu, 09/24/2009 - 08:30
Cisco has released multiple security advisories to address vulnerabilities in IOS Software and Unified Communications Manager. These vulnerabilities may allow an attacker to cause a denial-of-service condition, buffer overflow, or access control list bypass.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.
* cisco-sa-20090923-acl: Cisco IOS Software Object-group Access Control List Bypass Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8119.shtml)
* cisco-sa-20090923-auth-proxy: Cisco IOS Software Authentication Proxy Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtml)
* cisco-sa-20090923-cm: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml)
* cisco-sa-20090923-cme: Cisco Unified Communications Manager Express Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml)
* cisco-sa-20090923-h323: Cisco IOS Software H.323 Denial of Service Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811a.shtml)
* cisco-sa-20090923-ios-fw: Cisco IOS Software Zone-Based Policy Firewall Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8130.shtml)
* cisco-sa-20090923-ipsec: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8117.shtml)
* cisco-sa-20090923-ntp: Cisco IOS Software Network Time Protocol Packet Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8131.shtml)
* cisco-sa-20090923-sip: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811b.shtml)
* cisco-sa-20090923-tls: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811c.shtml)
* cisco-sa-20090923-tunnels: Cisco IOS Software Tunnels Vulnerability (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8115.shtml)
Wed, 09/23/2009 - 17:55
US-CERT is aware of public reports regarding a search engine result poisoning campaign affecting search results for the Montgomery County Animal Shelter. Users seeking details on rumors about the closure of a "Montgomery County Animal Shelter" may be led to click on illegitimate search results which attempt to download malicious code. The rumors are being spread via e-mail, forums, and social networking sites, usually taking the form of a plea for readers to contact the shelter and adopt animals prior to the shelter's closing.

US-CERT is monitoring the situation and will provide updates as they become available.
Wed, 09/23/2009 - 08:23
Apple has released iTunes 9.0.1 to address a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Apple article HT3884 (http://support.apple.com/kb/HT3884) and apply any necessary updates to help mitigate the risks.
Tue, 09/22/2009 - 09:43
Microsoft has released Microsoft Knowledge Base Article 975497 (http://support.microsoft.com/kb/975497) to address a previously reported vulnerability in Microsoft Server Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Microsoft Knowledge Base Article 975497 (http://support.microsoft.com/kb/975497) and Microsoft Security Advisory 975497 (http://www.microsoft.com/technet/security/advisory/975497.mspx) and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the "Microsoft Releases Security Advisory 975497" (http://www.us-cert.gov/current/#microsoft_releases_security_advisory_975497) Current Activity entry.

US-CERT is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution (http://support.microsoft.com/kb/975497) or other workarounds until a patch is released.
Fri, 09/18/2009 - 14:53
Adobe has released security bulletin APSB09-14 (http://www.adobe.com/support/security/bulletins/apsb09-14.html) to address a vulnerability in RoboHelp Server 8. This vulnerability may allow a remote attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB09-14 (http://www.adobe.com/support/security/bulletins/apsb09-14.html) and apply any necessary updates.
Fri, 09/11/2009 - 14:59
US-CERT is aware of public reports indicating that attackers are using legitimate web pages to run malicious code on victims' machines.

Reports, including a posting by Sophos (http://www.sophos.com/blogs/gc/g/2009/09/11/scareware-scammers-exploit-911), indicate that these messages
* Include keywords and names related to the 9/11/2001 terrorist attack
* Prompt users with a fake virus scan that attempts to make users believe they have a security issue. The users are then asked to download fake security software that is actually malicious code.

Please note that these characteristics may change at any time.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
* Install anti-virus software, and keep its virus signature file up to date
* Refer to the Avoiding Social Engineering and Phishing Attacks (http://www.us-cert.gov/cas/tips/ST04-014.html) document for more information on social engineering attacks
Fri, 09/11/2009 - 08:43
Apple has released Security Update 2009-005 and Mac OS X v10.6.1 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain elevated privileges, or access local files.

US-CERT encourages users and administrators to review Apple articles HT3865 (http://support.apple.com/kb/HT3865) and HT3864 (http://support.apple.com/kb/HT3864) and apply any necessary updates to help mitigate the risks. Apple article HT3864 addresses the vulnerability previously reported in the "Adobe Flash Vulnerability Affecting Apple Snow Leopard" Current Activity entry (http://www.us-cert.gov/current/current_activity.html#adobe_flash_vulnerability_affecting_apple).
Thu, 09/10/2009 - 08:20
Apple has released the following security updates:
* OS 3.1 for iPhone
* OS 3.1.1 for iPod touch
* Quicktime 7.6.4

These security updates address vulnerabilities in multiple Apple products. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, access the system with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review the following Apple Security Articles and apply any necessary updates:
* iPhone and iPod OS update (Article: HT3860, http://support.apple.com/kb/HT3860)
* Quicktime Update (Article: HT3661, http://support.apple.com/kb/HT3661)
Thu, 09/10/2009 - 08:20
Mozilla has released a security advisory to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, mislead users by spoofing a URL, or cause a denial of service.

US-CERT encourages users to review Mozilla Foundation Security Advisories 2009-47 (http://www.mozilla.org/security/announce/2009/mfsa2009-47.html), 2009-48 (http://www.mozilla.org/security/announce/2009/mfsa2009-48.html), 2009-49 (http://www.mozilla.org/security/announce/2009/mfsa2009-49.html), 2009-50 (http://www.mozilla.org/security/announce/2009/mfsa2009-50.html), and 2009-51 (http://www.mozilla.org/security/announce/2009/mfsa2009-51.html) and apply any necessary updates or workarounds to help mitigate the risks.

US-CERT will provide more information as it becomes available.
Wed, 09/09/2009 - 07:20
Microsoft has released security advisory 975497 (http://www.microsoft.com/technet/security/advisory/975497.mspx) to address reports of a vulnerability in Microsoft Server Message Block. The vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Microsoft Security Advisory 975497 (http://www.microsoft.com/technet/security/advisory/975497.mspx) and implement the suggested workarounds listed in the advisory to help mitigate the risks.

US-CERT will provide additional information as it becomes available.
Wed, 09/09/2009 - 07:20
Cisco has released a Security Advisory to address a vulnerability in multiple products. This vulnerability may allow a remote attacker to cause a denial-of-service condition. The security advisory indicates that the following Cisco products are affected by this vulnerability:
* Cisco IOS Software
* Cisco IOS-XE Software
* Cisco CatOS Software
* Cisco Adaptive Security Appliance and Cisco PIX
* Cisco NX-OS Software

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090908-tcp24 (http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml) and apply any necessary updates.
Tue, 09/08/2009 - 13:29
Microsoft has released Microsoft Security Bulletin Summary for September 2009 (http://www.microsoft.com/technet/security/Bulletin/ms09-sep.mspx). September's Bulletin includes updates to address multiple vulnerabilities in Microsoft Windows. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the bulletins (http://www.microsoft.com/technet/security/Bulletin/ms09-sep.mspx) and follow best-practice security policies to determine which updates should be applied.
Fri, 09/04/2009 - 13:58
Apple has released Java for Mac OS X 10.5 Update 5 to address multiple vulnerabilities in Java. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT3851 (http://support.apple.com/kb/HT3851) and apply any necessary updates to help mitigate the risks.
Fri, 09/04/2009 - 13:58
US-CERT is aware that Apple's recently released version of Mac OS X, Snow Leopard, includes a version of the Flash Player that contains previously addressed vulnerabilities.

US-CERT encourages users and administrators to upgrade to the latest version of Flash Player (http://get.adobe.com/flashplayer/). Users and administrators can determine their version of Flash using the Version test for Adobe Flash Player (http://kb2.adobe.com/cps/155/tn_15507.html).
Thu, 09/03/2009 - 14:29
Microsoft has issued a Security Bulletin Advance Notification (http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx) indicating that the September release cycle will contain five bulletins, all of which will have a severity rating of critical. The notification states that these critical bulletins are for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, September 8.

US-CERT will provide additional information as it becomes available.
Mon, 08/31/2009 - 15:27
Microsoft Internet Information Services (IIS) FTP Service Vulnerability

US-CERT is aware of a public report of a vulnerability affecting the Microsoft Internet Information Services (IIS) FTP service. This vulnerability may allow a remote attacker to execute arbitrary code.

US-CERT encourages administrators to disable anonymous write access to the FTP server to help mitigate the vulnerability, although a proper impact analysis should be performed prior to taking defensive measures. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#276653 (http://www.kb.cert.org/vuls/id/276653) and Microsoft Security Advisory 975191 (http://www.microsoft.com/technet/security/advisory/975191.mspx).

US-CERT will provide additional information as it becomes available.
Thu, 08/27/2009 - 07:20
Cisco has released a Security Advisory to address multiple vulnerabilities in Cisco Unified Communication Manager. These vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090826-cucm (http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml) and apply any necessary updates.
Wed, 08/26/2009 - 08:47
US-CERT is aware of reports of a vulnerability in the way the Autonomy KeyView SDK parses Excel files. The Autonomy KeyView SDK is used by certain products, including Lotus Notes and Symantec Mail Security, to support the handling of a number of different file formats. By supplying a specially crafted Excel spreadsheet to an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code in the context of that application.

US-CERT encourages users and administrators to do the following to help mitigate the risks:
* IBM Lotus Notes users should review the IBM Flash Alert (http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21396492) and implement the listed fixes or workarounds.
* Symantec users should review Symantec Security Advisory SYM09-010 (http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00) and implement the listed fixes or workarounds.
* The original reporters of the vulnerability state that users of other applications that use an affected version of the Autonomy KeyView SDK may wish to remove the xlssr.dll filter module or comment out the reference to xlssr.dll in the KeyView.ini file distributed with the affected application.